Databases
StackOverflow2013
Postsdbo
POEncrypting configuration information using protected configuration provider
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POEncrypting configuration information using protected configuration provider
    text
    copied!<p>When using a protected configuration provider to encrypt configuration information in a app config file, what encryption is used? </p> <p>What alogorithm and key is used to encrypt and decrypt the information?</p> <p><strong>Update</strong></p> <p>Ok, i've read the links provided by Sani Huttunen and read these <a href="http://blogs.msdn.com/mosharaf/archive/2005/11/17/protectedConfiguration.aspx" rel="nofollow noreferrer">here</a> and <a href="http://msdn.microsoft.com/en-us/library/ms995355.aspx" rel="nofollow noreferrer">here</a>.</p> <p>So the RSAProtectedConfigurationProvider uses TripleDes and RSA encryption and<br> DpapiProtectedConfigurationProvider uses TripleDES.</p> <p>RsaProtectedConfigurationProvider uses the machine account or the user account and DpapiProtectedConfigurationProvider uses the user's logon password as the key for encryption and decryption.</p> <p>I see this would work fine for a asp.net web app. But what about windows applications?</p> <p>I was lead to believe that all my connection strings should be saved in the app.config file and then encrypted using a protected configuration provider. </p> <p>But if you deploy your winforms app to another machine it would not be able to decrypt the connectionstring becuse the key was based on the developer's logon password and saved in a keyfile not deployed with the application. or if the keyfile is deployed with the application then anyone can decrypt the app.config file.</p> <p>Is this correct? So what's the point in using this method? </p> <p><strong>What's the method for protecting information in an app.config file for deployed windows applications?</strong></p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload